That is a very good question and common problem with multi-value attribute. Daniel, could you give us one concrete example of multiple sensitive types for a single file.
SensitiveType attribute itself supports multi value with each value segmented by vertical bar ³|², for example if one file is marked to be 2 sensitive types, i.e. PHONE_NUMBER and CUSTOMER_INFO, then the field value could be ³PHONE_NUMBER|CUSTOMER_INFO². But we need look at how to write the policy if we want to detect any access to file/folder with one sensitive type. If we want to alert against any access to PHONE_NUMBER file/folder, then the policy would be str:contains(sensitivityType, ŒPHONE_NUMBER¹) instead of sensitivityType==ŒPHONE_NUMBER¹, or probably regular expression is better. The other graceful way is to write a Siddhi plugin which handles comparison against multi-value attribute. Let me your thoughts. Thanks Edward On 12/4/15, 12:25, "Daniel Zhou" <[email protected]> wrote: >Hi all, > >Is it possible for me to mark one file/folder with multiple "Sensitive >Type"? > >Regards, >Daniel
